The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections

In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called “Voatz.” Although there is no public formal description of Voatz’s security model, the company claims that election security and integrity are maintained through the use of a permissioned blockchain, biometrics, a mixnet, and hardware-backed key storage modules on the user’s device. In this work, we present the first public security analysis of Voatz, based on a reverse engineering of their Android application and the minimal available documentation of the system. We performed a cleanroom reimplementation of Voatz’s server and present an analysis of the election process as visible from the app itself. We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot. We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality. Our findings serve as a concrete illustration of the common wisdom against Internet voting, and of the importance of transparency to the legitimacy of elections.
